I notice that I have been getting a lot of spam through my contact form even though I have reCAPTCHA v2 enabled. I have been using Backlight v3, so I decided to upgraded to v 5.1. I went into my contact form setup to see if anything was off that would cause me to get spam through the contact form. The setup seems straight forward and I couldn’t understand why the reCAPTCHA v2 doesn’t seem to stop spam. So I tried sending my self a message through the contact page. When I click on send, I get the following message:
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.”
This is very confusing. Apparently spam bots have no problem sending me spam messages through my contact page, but I am unable to send myself a message.
I would greatly appreciate it if anyone can explain what is happening.
Can anyone point me in a direction as to why this is happening? The contact form was working at least up to a week ago. I can not point to any changes in my setup, other than the normal Windows updates.
Hi Ken, I’ve tried sending a test submission and could see the 503. Can you provide me with a Backlight admin and FTP access so that I can try to work out what’s going wrong with your server? The best way is to click on my profile name followed by ‘Message’.
Hi Ken, thanks for the access. This has taken a bit of figuring out.
Backlight tries three approaches to contact Google to verify the reCAPTCHA. The first approach is available on your server but for some reason this causes an error. There seems no way of finding out what this error is. I have edited one of your files to skip this first approach and reCAPTCHA checking and your form submission is now working.
This isn’t a good solution though, because the checks we already have in place should be sufficient and I don’t have a general solution to solving this without a specific fix for your site. I notice that your site is running on PHP 5.6. While this issue isn’t likely specific to PHP 5.6, it’s possible that your host’s configuration of 5.6 is glitchy. PHP 5.6 is also very old and unsupported from the developers of PHP. Can you see if you can upgrade to a newer version of PHP in your control panel? Preferably this would be PHP 8.0 or above. If you can change this then let me know and I’ll undo the code change so that we can see if a change of PHP version solves the problem.
(note for myself: the edited code is in url_get_contents in backlight/modules/module-framework/helpers/URLHelper.php)
Ben, thanks so much for looking into this. I just updated my Linux Hosting PHP to version to 8.1.
Prior to and after updating the PHP version, I tried using the contact page to send ioscapes email a message. Both times worked. However, both times when I check the “I am not a robot”, the green check mark appears, but there was no photo presentation asking me to select specific boxes using a specific criteria, which is what normally happens before the green check mark appears.
Hi Ken, glad to have been able to help. I’ll undo that code change and check whether the form works correctly on the upgraded PHP.
Google’s reCAPTCHA determines whether it needs to show the photos at the time that the form is displayed. It would depend on a number of metrics and from what I know the interactivity with the page and the checkbox contribute to this. You can also configure how interactive the reCAPTCHA is in the reCAPTCHA admin where you trade off spam protection and convenience for the user.
I tried sending a message through my contact page and it seems to work OK.
Regarding the reCAPTCHA admin, when I log into my google account I can not find the reCAPTCHA admin console. Should it be there or would it be in my web hosting service account (the place where I update the PHP).
Thanks! I was able to reset my reCAPTCHA and increase the security level. Hopefully this will stop the spam. I went into my Backlight Administration and noticed the Contacts section. I looked at this and was astonished at the volume of spam, hundreds of messages. Because my email spam filter blocked these along with legitimate contacts, I wasn’t aware at the extent of the problem and how poorly the reCAPTCHA on my contact page works to block the spam. I cleared out the spam on the Backlight Administration and will watch and see if the increased security settings, which force responding to a picture, will eliminate the spam. If it doesn’t and I will remove the contact page and add a page with contact information that displays my email address as a bitmapped image, which I hope would be difficult for a spammer to utilize.
Hi Ken, hopefully that helps reduce spam. There’s one type of spam though that it won’t solve - the reCAPTCHA being solved by actual people!
I have changed back that fix I had made so that your site is no longer running a custom fix. In my testing it looks like this is no longer an issue; upgrading to PHP 8.1 solved whatever underlying issue that your host had with PHP 5.6.
Hi Ben, I appreciate all of your help. I have learned some new things. How to modify the google reCAPTCHA settings and to update the PHP ver. I noticed on my web hosting website where I did the upgrade, it recommended that I keep PHP up to date. So I guess I need to periodically check and see what the most current version is and if I need to update.
Also, I did receive your final test contact message that you sent to me. Now I just have to figure out how to make Outlook not move all the contact messages that are sent to me to the spam folder. I have told Outlook that they are not spam, but it seems that there is something unique about each contact message emailed to me that causes Outlook to categorize it as spam.